C. Drive sanitization
D. Damage and loss control
Answer: A

19. Which of the following is a best practice for coding applications in a secure manner?
A. Input validation
B. Object-oriented coding
C. Rapid Application Development (RAD)
D. Cross-site scripting
Answer: A

20. Which of the following demonstrates the process of ensuring that both ends of the connection are in fact who they say they are?
A. Integrity
B. Identification
C. Authentication
D. Non-repudiation
Answer: D

21. Performance baselines are used to:
A. record which users type their passwords incorrectly.
B. demonstrate a man-in-the-middle attack.
C. indicate anomaly-based network attacks.
D. indicate the current presence of malicious code.
Answer: D

22. An administrator wishes to deploy an IPSec VPN connection between two routers across a WAN. The administrator wants to ensure that the VPN is encrypted in the most secure fashion possible. Which of the following BEST identifies the correct IPSec mode and the proper configuration?
A. IPSec in tunnel mode, using both the ESP and AH protocols
B. IPSec in tunnel mode, using the ESP protocol
C. IPSec in transport mode, using the AH protocol
D. IPSec in transport mode, using both ESP and AH protocols
Answer: A

23. Which of the following types of attacks requires an attacker to sniff the network?
A. Man-in-the-Middle
B. DDoS attack
C. MAC flooding
D. DNS poisoning
Answer: A

24. A CEO is concerned about staff browsing inappropriate material on the Internet via HTTPS. It has been suggested that the company purchase a product which could decrypt the SSL session, scan the content and then repackage the SSL session without staff knowing. Which of the following types of attacks is similar to this product?
A. Replay
B. Spoofing
C. TCP/IP hijacking
D. Man-in-the-middle
Answer: D

25. A CRL contains a list of which of the following types of keys?
A. Both public and private keys